论文信息 - Detecting attack signatures in the real network traffic with ANNIDA

Detecting attack signatures in the real network traffic with ANNIDA

In this paper, an improved version of ANNIDA for detecting attack signatures in the payload of network packets is presented. The Hamming Net artificial neural network methodology was used with good results. A review of the application's development is followed by a summary of the modifications made in the application in order to classify real data. Application improvements are reported, solving the problems of time delays in writing/reading data in the files and data collision effects when generating numeric keys used to model data for the neural network. Test results highlight the increased accuracy and efficiency of the new application when submitted to real data from HTTP network traffic containing actual traces of attacks and legitimate data. Finally, an evaluation of the application to detect signatures in real network traffic data is presented.

Lília de Sá Silva | Antonio Montes | José Demisio Simões da Silva | Adriana Cristina Ferrari dos Santos | Thiago Dias Mancilha

[1] Christopher Krügel,et al. Using Decision Trees to Improve Signature-Based Intrusion Detection , 2003, RAID.

[2] Todd L. Heberlein,et al. Network intrusion detection , 1994, IEEE Network.

[3] Robert K. Cunningham,et al. Improving Intrusion Detection Performance using Keyword Selection and Neural Networks , 2000, Recent Advances in Intrusion Detection.

[4] Paulo Lício de Geus,et al. An intrusion detection system using ideas from the immune system , 2004, IEEE Congress on Evolutionary Computation.

[5] Asim Karim. Computational Intelligence for Network Intrusion Detection: Recent Contributions , 2005, CIS.

[6] J.D.S. da Silva,et al. A neural network application for attack detection in computer networks , 2004, 2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No.04CH37541).

[7] Laurene V. Fausett,et al. Fundamentals Of Neural Networks , 1994 .

[8] Lília de Sá Silva,et al. Hamming Net and LVQ Neural Networks for Classification of Computer Network Attacks: A Comparative Analysis , 2006, 2006 Ninth Brazilian Symposium on Neural Networks (SBRN'06).